Saturday, August 4, 2007

Adding Accounts To Local Admin Group

Well, OK, it's not only for adding accounts to the local admin group.  You can use the commands I'm about to show here to add accounts to any local group.  But I use them most often for making some account a local admin on a machine.

It's a pretty well-known command, actually.  Say I want to add my domain account as local admin on a machine.

net localgroup Administrators MYDOMAIN\batcheero /ADD

Or you can do the same thing to add another group to local admin.

net localgroup Administrators SomeOtherGroup /ADD

So yeah, you already know that, of course.  But what if you have a service running on some remote machine under that machine's local system account, and you want that service to have admin access to your local machine?  Well, for that, you need to add the machine account of the remote machine to the Administrators group on your local machine.  How do you do that?  Well, to do that, you use the command ever so slightly differently.

net localgroup Administrators MYDOMAIN\remotemachine$ /ADD

Notice the $ sign at the end of MYDOMAIN\remotemachine$.  This tells the command it's a machine account, not to be confused with a regular user account, which has no $ sign at the end.

I know what you're asking.  Why, oh why, don't they just make another switch to say that it's a machine account?  Well, like always, that would be too easy now, wouldn't it?
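
Once a machine account is in local Administrators, everything running as local system on that remote machine has admin on this one, so it's worth checking which machine accounts a box already trusts.  The PowerShell below is an added example, not part of the original post: it parses the output of net localgroup Administrators and classifies each member by name, flagging the ones ending in $.  The sample output is constructed, the function name Get-AdminGroupMemberKind is hypothetical, and the trailer match assumes an English-locale system.

```powershell
# Constructed sample of `net localgroup Administrators` output.
# On a real machine, replace with:  $lines = net localgroup Administrators
$sample = @'
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
MYDOMAIN\batcheero
MYDOMAIN\SomeOtherGroup
MYDOMAIN\remotemachine$
The command completed successfully.
'@ -split '\r?\n'

# Hypothetical helper: classify members purely by how their names look.
function Get-AdminGroupMemberKind {
    param([string[]]$Lines)

    $inMembers = $false
    foreach ($line in $Lines) {
        $entry = $line.Trim()
        # The dashed separator marks the start of the member list.
        if ($entry -match '^-{5,}$') { $inMembers = $true; continue }
        if (-not $inMembers -or $entry -eq '') { continue }
        # Assumption: English-locale trailer line ends the list.
        if ($entry -like 'The command completed*') { break }

        if ($entry.EndsWith('$')) {
            $kind = 'MachineAccount'      # trailing $ = machine account name
        } elseif ($entry.Contains('\')) {
            $kind = 'DomainUserOrGroup'   # DOMAIN\name; user vs. group not distinguishable here
        } else {
            $kind = 'LocalAccount'
        }
        [pscustomobject]@{ Member = $entry; Kind = $kind }
    }
}

# Full listing, then only the machine accounts that hold admin rights here.
Get-AdminGroupMemberKind -Lines $sample | Format-Table -AutoSize
Get-AdminGroupMemberKind -Lines $sample | Where-Object Kind -eq 'MachineAccount'
```

The classification is a name-based heuristic only; it cannot tell a domain user from a domain group, since net localgroup prints both the same way.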